Anonymous / 2 years, 10 months ago

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Edek (administrator) on EDEK-KOMPUTER on 23-01-2015 10:25:29
Running from C:\Users\Edek\Downloads
Loaded Profiles: Edek &  (Available profiles: Edek)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Plus Internet\Plus Internet.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Farbar) C:\Users\Edek\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Plus Internet] => C:\Program Files\Plus Internet\PlusInternetChecker.exe [472384 2011-07-04] ()
HKLM\...\Run: [Driver Genius] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000\...\MountPoints2: {29e2f779-a07a-11e4-9e9a-002454ae6671} - F:\AutoRun.exe
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000\...\MountPoints2: {37ed2052-eadc-11e2-a0e5-002454ae6671} - F:\AutoRun.exe
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000\...\MountPoints2: {6c1abf81-f799-11e3-9e3b-002454ae6671} - F:\AutoRun.exe
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000\...\MountPoints2: {dcd85a2e-eb1f-11e2-9ed0-002454ae6671} - F:\AutoRun.exe
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {29e2f779-a07a-11e4-9e9a-002454ae6671} - F:\AutoRun.exe
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {37ed2052-eadc-11e2-a0e5-002454ae6671} - F:\AutoRun.exe
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6c1abf81-f799-11e3-9e3b-002454ae6671} - F:\AutoRun.exe
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dcd85a2e-eb1f-11e2-9ed0-002454ae6671} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=708&r=2013/05/04&hid=4155778463&lg=EN&cc=PL
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=708&r=2013/05/04&hid=4155778463&lg=EN&cc=PL
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000 -> {C85FADD8-88A5-4202-A947-072E852047BF} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=A45DED3D-660A-468E-B535-ED9A7C7F1809&apn_sauid=9F6A2422-BF03-4EAC-9F06-2E91507D2E94
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=708&r=2013/05/04&hid=4155778463&lg=EN&cc=PL
SearchScopes: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C85FADD8-88A5-4202-A947-072E852047BF} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=A45DED3D-660A-468E-B535-ED9A7C7F1809&apn_sauid=9F6A2422-BF03-4EAC-9F06-2E91507D2E94
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Pomocnik rejestracji usługi Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2092716530-3474641769-2676177707-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{CE9A3F57-F3B1-47BD-BD64-C1CB273D40F8}: [NameServer] 212.2.96.53 212.2.96.54

FireFox:
========
FF ProfilePath: C:\Users\Edek\AppData\Roaming\Mozilla\Firefox\Profiles\2e1uoh0k.default
FF DefaultSearchUrl: hxxp://websearch.pu-results.info/?pid=708&r=2013/05/04&hid=4155778463&lg=EN&cc=PL&l=1&q=
FF SearchEngineOrder.1: Ask Search
FF SearchEngineOrder.1,S: WebSearch
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.google.pl/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Edek\AppData\Roaming\Mozilla\Firefox\Profiles\2e1uoh0k.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Edek\AppData\Roaming\Mozilla\Firefox\Profiles\2e1uoh0k.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Edek\AppData\Roaming\Mozilla\Firefox\Profiles\2e1uoh0k.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Users\Edek\AppData\Roaming\Mozilla\Firefox\Profiles\2e1uoh0k.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Edek\AppData\Roaming\Mozilla\Firefox\Profiles\2e1uoh0k.default\searchplugins\the-pirate-bay.xml
FF SearchPlugin: C:\Users\Edek\AppData\Roaming\Mozilla\Firefox\Profiles\2e1uoh0k.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: RoboSaver - C:\Users\Edek\AppData\Roaming\Mozilla\Firefox\Profiles\2e1uoh0k.default\Extensions\FQ@8S.org [2014-12-11]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Edek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Edek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-20]
CHR Extension: (Dysk Google) - C:\Users\Edek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-20]
CHR Extension: (YouTube) - C:\Users\Edek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-20]
CHR Extension: (Adblock Plus) - C:\Users\Edek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-12]
CHR Extension: (Szukaj w Google) - C:\Users\Edek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-20]
CHR Extension: (Google Wallet) - C:\Users\Edek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR Extension: (Gmail) - C:\Users\Edek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-20]
CHR Extension: (TakeTheCoupon) - C:\ProgramData\hgbaifienhkeiemidhphbfombipceflh\ [2013-04-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-02] (DT Soft Ltd)
R3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [85248 2011-07-04] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-07-14] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [208896 2011-07-04] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 10:25 - 2015-01-23 10:26 - 00015666 _____ () C:\Users\Edek\Downloads\FRST.txt
2015-01-23 10:24 - 2015-01-23 10:24 - 01118208 _____ (Farbar) C:\Users\Edek\Downloads\FRST (1).exe
2015-01-23 10:21 - 2015-01-23 10:25 - 00000000 ____D () C:\FRST
2015-01-23 10:20 - 2015-01-23 10:20 - 01118208 _____ (Farbar) C:\Users\Edek\Downloads\FRST.exe
2015-01-22 15:02 - 2015-01-22 15:02 - 00001091 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-01-22 15:02 - 2015-01-22 15:02 - 00000000 ____D () C:\Users\Edek\AppData\Roaming\9-lab
2015-01-22 15:02 - 2015-01-22 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-01-22 15:02 - 2015-01-22 15:02 - 00000000 ____D () C:\ProgramData\9-lab
2015-01-22 15:02 - 2015-01-22 15:02 - 00000000 ____D () C:\Program Files\9-lab
2015-01-22 15:01 - 2015-01-22 15:02 - 06208936 _____ () C:\Users\Edek\Downloads\rmtool-setup-x86.exe
2015-01-22 14:21 - 2015-01-22 14:21 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Edek\Downloads\SpyHunter-Installer.exe
2015-01-22 13:39 - 2015-01-23 10:18 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 13:38 - 2015-01-22 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 13:38 - 2015-01-22 13:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-22 13:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-22 13:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-22 13:35 - 2015-01-22 13:38 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 13:35 - 2015-01-22 13:38 - 00000000 ____D () C:\Users\Edek\AppData\Roaming\Malwarebytes
2015-01-22 13:35 - 2015-01-22 13:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-22 13:35 - 2015-01-22 13:38 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-22 13:35 - 2015-01-22 13:36 - 00000000 ____D () C:\Users\Edek\Downloads\Malwarebytes' Anti-Malware 1.70.1.1100 pl- full
2015-01-22 13:35 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-22 13:33 - 2015-01-22 13:33 - 12848887 _____ () C:\Users\Edek\Downloads\Malwarebytes' Anti-Malware 1.70.1.1100 pl- full.rar
2015-01-20 10:25 - 2015-01-20 10:25 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-20 10:15 - 2015-01-20 10:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-20 09:36 - 2015-01-20 09:36 - 00000004 _____ () C:\Users\Edek\AppData\Roaming\appdataFr2.bin
2014-12-26 19:28 - 2014-12-26 19:28 - 00775968 _____ (Reimage®) C:\Users\Edek\Desktop\ReimageRepair.exe
2014-12-25 12:32 - 2014-12-25 12:32 - 00000000 ____D () C:\Users\Edek\AppData\Roaming\Dropbox
2014-12-25 11:26 - 2015-01-20 09:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-25 11:26 - 2014-12-25 11:26 - 05006864 _____ (AVAST Software) C:\Users\Edek\Downloads\avast_free_antivirus_setup_online.exe
2014-12-25 11:22 - 2014-12-25 11:22 - 00422256 _____ (Swift Installer ) C:\Users\Edek\Downloads\setup (10).exe
2014-12-25 11:12 - 2014-12-25 11:12 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 10:26 - 2009-07-14 05:34 - 00014736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 10:26 - 2009-07-14 05:34 - 00014736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 10:22 - 2010-06-14 21:15 - 01935034 _____ () C:\windows\WindowsUpdate.log
2015-01-23 10:18 - 2013-04-20 20:16 - 00001028 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 10:18 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-23 10:18 - 2009-07-14 05:39 - 00144068 _____ () C:\windows\setupact.log
2015-01-22 19:16 - 2013-04-20 20:16 - 00001032 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 19:12 - 2012-04-12 19:17 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 14:37 - 2010-06-14 06:08 - 00984844 _____ () C:\windows\PFRO.log
2015-01-22 14:25 - 2010-09-19 18:53 - 00000000 ____D () C:\Users\Edek
2015-01-22 13:28 - 2013-04-20 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-22 13:26 - 2012-08-04 19:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-20 19:01 - 2010-06-14 21:57 - 00741366 _____ () C:\windows\system32\perfh015.dat
2015-01-20 19:01 - 2010-06-14 21:57 - 00155930 _____ () C:\windows\system32\perfc015.dat
2015-01-20 19:01 - 2009-07-26 21:06 - 01671400 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-20 18:51 - 2010-09-19 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Pack
2015-01-20 18:51 - 2010-09-19 18:55 - 00000000 ____D () C:\Program Files\Game Pack
2015-01-20 18:51 - 2010-06-14 05:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-19 19:51 - 2012-04-12 19:17 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-01-19 19:51 - 2012-04-12 19:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-19 19:39 - 2012-07-18 21:08 - 00000000 ____D () C:\Users\Edek\AppData\Roaming\Skype
2015-01-06 19:02 - 2014-10-12 19:40 - 00000000 ___RD () C:\Program Files\Skype
2015-01-06 19:02 - 2012-07-18 21:08 - 00000000 ____D () C:\ProgramData\Skype
2014-12-28 11:19 - 2009-07-14 05:53 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-25 12:21 - 2013-05-05 00:23 - 00000414 ____H () C:\windows\Tasks\schedule!3036567561.job
2014-12-25 12:12 - 2014-09-07 10:45 - 00000000 ____D () C:\ProgramData\DownSaaVE
2014-12-25 12:12 - 2014-08-06 10:31 - 00000000 ____D () C:\ProgramData\DealEXprEss
2014-12-25 12:12 - 2014-07-03 19:36 - 00000000 ____D () C:\ProgramData\SaveNeewaAppaz
2014-12-25 12:12 - 2014-03-16 13:40 - 00000000 ____D () C:\ProgramData\EEnjoyoCouopon
2014-12-25 12:12 - 2013-05-05 00:23 - 00000000 ____D () C:\ProgramData\Searcchh-NyeewTab
2014-12-25 12:10 - 2014-12-11 20:08 - 00000000 ____D () C:\ProgramData\AllCheapPrice
2014-12-25 12:10 - 2014-06-22 12:56 - 00000000 ____D () C:\ProgramData\GreatSaAvve4UU
2014-12-25 12:10 - 2014-05-21 19:08 - 00000000 ____D () C:\ProgramData\CoupExteennsIOn
2014-12-25 12:10 - 2013-05-05 00:19 - 00000000 ____D () C:\ProgramData\continnuetosavve
2014-12-25 11:41 - 2014-02-03 19:04 - 00000000 ____D () C:\ProgramData\Network Acceleration
2014-12-25 11:12 - 2014-01-05 15:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-25 11:11 - 2014-01-05 15:58 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-12-25 11:11 - 2012-04-13 20:48 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======
2015-01-20 09:36 - 2015-01-20 09:36 - 0000004 _____ () C:\Users\Edek\AppData\Roaming\appdataFr2.bin
2010-09-19 18:55 - 2010-01-16 06:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-06-14 05:30 - 2010-06-14 05:30 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-06-14 05:28 - 2010-06-14 05:29 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-06-14 05:24 - 2010-06-14 05:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-06-14 05:29 - 2010-06-14 05:30 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-06-14 05:24 - 2010-06-14 05:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-06-14 05:26 - 2010-06-14 05:28 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Edek\AppData\Local\Temp\APNSetup.exe
C:\Users\Edek\AppData\Local\Temp\ApnStub.exe
C:\Users\Edek\AppData\Local\Temp\AVG.exe
C:\Users\Edek\AppData\Local\Temp\contentDATs.exe
C:\Users\Edek\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Edek\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Edek\AppData\Local\Temp\install_reader10_en_mssd_aih.exe
C:\Users\Edek\AppData\Local\Temp\ResetDevice.exe
C:\Users\Edek\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Edek\AppData\Local\Temp\setup.exe
C:\Users\Edek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Edek\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Edek\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-15 15:18

==================== End Of Log ============================